Principles For Secure & Reliable Systems • Eleanor Saitta • GOTO 2023

This presentation was recorded at GOTO Aarhus 2023. #GOTOcon #GOTOaar Eleanor Saitta - International Security Researcher & Co-founder of Open Source Tool Trike @eleanorsaitta4486 RESOURCES @dymaxion ABSTRACT Whether you’re building a new system with an established team, trying to tame a legacy ecosystem, or starting from scratch, how you think about security and reliability has a big impact on how hard they are for you to achieve. In this session I’ll give you some tools for reframing the way you think about these problems, and explore how they’re linked, too. Specifically, we’ll look at security and reliability from the perspective of design principles, both in terms of the technical design of your system architecture and security and operations tooling, and in terms of the design of the organization that’s doing the work, especially how it communicates and makes decisions. By the end of this talk, you should understand some of the structures you need in place to achieve good and sustainable outcomes for your team. [...] TIMECODES 00:00 Intro 00:52 What is a system? 02:30 Properties you care about 04:17 What is security? 06:36 What is resilience? 08:07 State & logic 10:02 Immutability & ephemerality 12:54 Minimal, canonical state 15:29 Unlinkability 17:43 Code is not an asset 20:35 Declare, don’t program 25:22 Design for failure 33:20 Product security 37:33 Quick tips for starting from zero 39:19 Outro Download slides and read the full abstract here: RECOMMENDED BOOKS Liz Rice • Container Security • Liz Rice • Kubernetes Security • Aaron Parecki • OAuth 2.0 Simplified • Aaron Parecki • OAuth 2.0 Servers • Erdal Ozkaya • Cybersecurity: The Beginner’s Guide • #Security #AppSec #Cybersecurity #CNCF #EleanorSaitta #Phishing #PhishingAttack #U2F #U2FToken #WAF #Compliance #Yubikey #SSO #Resilience #ResilientSecurity #Ephemerality #Immutability #OAuth #Programming #Privacy #eBPF Looking for a unique learning experience? Attend the next GOTO conference near you! Get your ticket at Sign up for updates and specials at SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.